(Default) mode to execute scripts in the content scope

[arantius]

This issue is to track and discuss issues that arise if we run scripts in the content scope. To begin with:

• Do we wrap scripts in an anonymous function, to provide a namespace isolated from the page?
• How do we handle @requires?
• How do we actually perform injection / execution?

[arantius]

My gut tells me that method of execution should be via some sort of custom protocol handler ( https://developer.mozilla.org/En/NsIProtocolHandler ), guaranteeing that the appropriate URL will be outside the same-origin to any page (thus the script content is unreadable to the page). Then injection is just adding a <script> node with the proper custom-protocol URL. Our protocol handler then knows how to glue the script and any requires together into an appropriate response for javascript execution.

Perhaps @resources can also then be referred to by a URL served by this protocol.

[arantius]

I've also started thinking more recently that perhaps in the case of @grant none we still run just the same (evalInSandbox) but we just use the un-wrapped content window for the prototype, and just don't inject anything. Need to investigate how well this approach works.

[arantius]

As implemented in arantius/greasemonkey@41d0da5 things seem to work as intended so far, but we definitely still get the file/line number confusion that we always have from the evalInSandbox(). A possible reason to re-implement as described in my first comment

[arantius]

I've tried the protocol handler route. It only half works. It's implemented; opening the appropriate URL via the URL bar shows the expected contents. But putting a <script> node in the page with src= that URL does not work. I don't know why yet.

arantius/greasemonkey@1.0...pure-content

[arantius]

Correction: all but the last script does run. The last one doesn't, and above I was only running one. Even more confusing.

[arantius]

Fixed the last-doesn't-run issue, the protocol handler's channel wasn't quite implemented right. But we need a DOM to inject the script node into -- and that doesn't exist yet at document-start.

The best solution I know of right now is to keep the protocol handler (still useful for referencing resources, maybe), but use it as the URL parameter to evalInSandbox(). That should make logged errors link to that generated file, rather than the eval call site, and make them slightly easier to grok.

[arantius]

Custom protocol handler stuff is implemented in https://github.com/arantius/greasemonkey/tree/pure-content -- but it's working poorly enough that I'm going to defer doing that at all and call this fixed. Fixed by 41d0da5 .